Saturday, October 23, 2010

[Re-link] Malicious PDF analysis e-book

Well done, Didier Stevens, for producing these short chapters for the public. I really make use of this book and hopefully I can share it with others here..

It can be downloaded here

I can't wait for the full version of the book that you are contributing..

Wednesday, September 1, 2010

Discover image details online

How to check the shutter count? How to check the aperture size of an image taken? How to check bla.. bla..? How to check that? How to check this?

Just upload your image at http://regex.info/exif.cgi/exif.cgi .. and all your questions regarding image details will be answered.. But I don't know and am not so sure how far they protect the privacy and ownership of your image.. so far, I have only uploaded unimportant images and am quite paranoid about uploading beautiful ones..

For example, here I uploaded an image:

and I got full, complete details on that image:

and a lot more details...

and more.. I don't have space to upload it all here..

Saturday, February 20, 2010

Before 120 km/h, now..

Need a bit more cheek exercise.. duhh

Tuesday, January 26, 2010

Aurora oh Aurora

aurora oh aurora
are you really that important
why am I entranced?
aurora oh aurora
always praised
ever asked why?
I gaze, radiant, green in colour
captivating the heart

though far away
you are close to the heart
my gaze awaits you
aurora
you give
I return to seek

aurora oh aurora
where do you come from
you remain so very far
aurora oh aurora
there is no sound of you
I am willing to keep waiting
silenced because you turn purple
I decide to let it be mute

though far away
you are close to the heart
my gaze awaits you
aurora
you give
I return to seek

tonight
I am alone
fixed on the sky while saying
glad that you are there
I see, smiling, red in colour
I know you will end

Sunday, January 24, 2010

Policy, Standards, Practices, Guidelines, Procedures, blablabla

Sometimes, thinking at a higher level is good for me.. management of information security skill is an added advantage to my little security technical skill.. with Sunday laziness and some boredom I start here.. and end with an example..

Policies..
a deliberate plan of action to guide decisions and achieve rational outcomes..
some call it a short and concise statement of what is expected. This thing stands at the highest level.. no step-by-step "how to". (that is standards)

Standards..
a more detailed statement of what must be done to comply with policy.. including more specific details on how to comply with policy..

Practices, Guidelines, Procedures
share quite the same definitions.. the actual process of doing things.. the correct or usual way of doing something, or the usual order followed when doing something..
this is how it looks like.. (some lazy photoshopping)

examples
For a simple example, a company policy is that each employee must have a strong password.. it just wants a strong password, but how? Here we have standards (which come with practices, guidelines and procedures) that describe what a strong password is, what the criteria are and how to make one.. for example, it must contain at least 8 characters with a combination of letters, symbols, numbers, lower and upper case letters and yada.. yada..

references
M.E. Whitman, H.J. Mattord, Management of Information Security, Course Technology, ISBN 978-1-4239-0130-3
Advanced English Dictionary
and some web references..

Friday, January 22, 2010

BackTrack 4 Final, finally.

"BackTrack is a Linux-based penetration testing arsenal that aids security professionals in the ability to perform assessments in a purely native environment dedicated to hacking.

Regardless if you’re making BackTrack your primary operating system, booting from a LiveDVD, or using your favorite thumbdrive, BackTrack has been customized down to every package, kernel configuration, script and patch solely for the purpose of the penetration tester."

This final version uses a new kernel, has more tools and also custom tools that are only available in BackTrack, and fixes several known bugs..

It can be downloaded here: http://www.backtrack-linux.org/downloads/


Tuesday, January 19, 2010

Flaws in our email service? Be careful..

Just now I was playing around with a mail service after capek told a story about his friend's email having been compromised..

What I found was quite shocking.. it was very easy to change others' passwords just by having their ID..

It starts here.. I just clicked on the "I can't access my account" link..

Then chose "My account may have been compromised".. and clicked next..

Completed some easy captcha and the email id..

Completed an easy form..

Finally I got an email..

Maybe I missed something that makes this system secure in another way.. because this is just my simple lazy experiment.. (that's why my English is bad also) please add anything if there is, my friends..

Earthquake can be everywhere!!

There have been a lot of earthquake cases recently, and the latest one is in Haiti.. I think the government should have a syllabus in school on what to do when there is a disaster, especially an earthquake.. (sorry if this one is already implemented).. If we cannot prevent earthquakes, at least we can prevent a lot of fatal deaths caused by lack of education on how to protect ourselves during an earthquake..

Here I copy-paste some procedures on what to do during an earthquake from FEMA, dedicated to me as a reference in the future (who knows)..

If indoors

  • DROP to the ground; take COVER by getting under a sturdy table or other piece of furniture; and HOLD ON until the shaking stops. If there isn’t a table or desk near you, cover your face and head with your arms and crouch in an inside corner of the building.
  • Stay away from glass, windows, outside doors and walls, and anything that could fall, such as lighting fixtures or furniture.
  • Stay in bed if you are there when the earthquake strikes. Hold on and protect your head with a pillow, unless you are under a heavy light fixture that could fall. In that case, move to the nearest safe place.
  • Use a doorway for shelter only if it is in close proximity to you and if you know it is a strongly supported, loadbearing doorway.
  • Stay inside until shaking stops and it is safe to go outside. Research has shown that most injuries occur when people inside buildings attempt to move to a different location inside the building or try to leave.
  • Be aware that the electricity may go out or the sprinkler systems or fire alarms may turn on.
  • DO NOT use the elevators.

If outdoors
  • Stay there.
  • Move away from buildings, streetlights, and utility wires.
  • Once in the open, stay there until the shaking stops. The greatest danger exists directly outside buildings, at exits, and alongside exterior walls. Many of the 120 fatalities from the 1933 Long Beach earthquake occurred when people ran outside of buildings only to be killed by falling debris from collapsing walls. Ground movement during an earthquake is seldom the direct cause of death or injury. Most earthquake-related casualties result from collapsing walls, flying glass, and falling objects.

If in a moving vehicle
  • Stop as quickly as safety permits and stay in the vehicle. Avoid stopping near or under buildings, trees, overpasses, and utility wires.
  • Proceed cautiously once the earthquake has stopped. Avoid roads, bridges, or ramps that might have been damaged by the earthquake.

If trapped under debris
  • Do not light a match.
  • Do not move about or kick up dust.
  • Cover your mouth with a handkerchief or clothing.
  • Tap on a pipe or wall so rescuers can locate you. Use a whistle if one is available. Shout only as a last resort. Shouting can cause you to inhale dangerous amounts of dust.

Sunday, December 27, 2009

eatable SPAM
yummy.. SPAM with honey grail..

Sunday, December 20, 2009

anti-shouldersurfer
Wednesday, December 9, 2009

Google Chrome for Linux..

Finally, after waiting and waiting.. and after reading the comics on the website I realize why..
It can be seen here

And it can be downloaded here


support for Debian/Ubuntu/Fedora/openSUSE


Tuesday, December 8, 2009

Nepenthes + PHARM - SurfIDS = Test First

PHARM, or nepenthes pharm, is a client/server tool to manage, report on and analyze all your distributed nepenthes instances from one interface. Sounds interesting. Before this I developed nepenthes and OpenVPN plugins for Webmin and was looking forward to a nepenthes client to integrate them with SurfIDS, but I think that is the end of it :-(


PHARM has 3 main components:
  • Server
  • Client (implemented on the nepenthes honeypot)
  • Web Portal (view the data collected from the sensors)
More info and screenshots are here: http://www.nepenthespharm.com

Wednesday, December 2, 2009

WINWORD.EXE malware

Some malware becomes famous because of its behaviour, and now I have found a malware that hides all your Word documents and replaces each one with a copy of its .exe file carrying the same name and icon as the hidden Word document. It becomes dangerous when you have left "Hide extensions for known file types" enabled in Folder Options, because then you cannot distinguish the changes made by the malware, and it gets worse when you attach the file to an email and spread the malware to other computers. So please be aware of this malware by viewing the properties of the file before executing it: the malware will appear as "Application" rather than as a Word document. I'll post more on the detailed analysis of this malware later; this post is just about how to recover your files.

First, open your command prompt via Start > Run, type cmd and press Enter. In the command prompt, type your drive letter followed by a colon (e.g. if your pendrive is labelled I: in "My Computer", just type I: and press Enter).

Then type:

dir /A:H
This command lists all the hidden files in your drive, including the files that have been hidden by the malware (if it is working properly).

Then to remove the hidden attribute of the files just type:

attrib -S -H -R *.doc
This command removes the System (-S), Hidden (-H) and Read-only (-R) attributes from all .doc files in the drive. Please take note that the Hidden attribute cannot be removed from the file's Properties dialog while the System attribute is set (the checkbox is greyed out), which is why the command line is needed.
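As an added example that is not part of the original post, the same recovery written as a PowerShell script: it only reports (or, with -Restore, un-hides) Word documents that actually have an .exe decoy of the same name beside them, so unrelated hidden files on the drive are left alone. The $Drive parameter, the -Restore switch and the I:\ default are assumed names for this example.

```powershell
# Added example, not the original post's commands: find Word documents that the
# malware described above has hidden (X.doc marked Hidden/System next to an X.exe
# decoy) and optionally clear the attributes, like "attrib -S -H -R" per file.
param(
    [string]$Drive = "I:\",   # assumed: drive letter to scan, e.g. the pendrive
    [switch]$Restore          # assumed: without -Restore the script only reports
)

# -Force makes Get-ChildItem return hidden and system files as well.
$hiddenDocs = Get-ChildItem -Path $Drive -Recurse -Force -File -Include *.doc,*.docx |
    Where-Object { ($_.Attributes -band [IO.FileAttributes]::Hidden) -ne 0 }

foreach ($doc in $hiddenDocs) {
    # The decoy has the same folder and base name, with an .exe extension.
    $decoy    = Join-Path $doc.DirectoryName ($doc.BaseName + ".exe")
    $hasDecoy = Test-Path -LiteralPath $decoy

    # One report row per hidden document, whether or not a decoy was found.
    [PSCustomObject]@{
        Document   = $doc.FullName
        Attributes = $doc.Attributes
        DecoyExe   = $(if ($hasDecoy) { $decoy } else { "" })
    }

    if ($Restore -and $hasDecoy) {
        # Clear System, Hidden and ReadOnly; the .exe decoy is left in place so it
        # can be submitted for analysis, just do not double-click it.
        $doc.Attributes = $doc.Attributes -band -bnot (
            [IO.FileAttributes]::Hidden -bor
            [IO.FileAttributes]::System -bor
            [IO.FileAttributes]::ReadOnly)
    }
}
```

Run it first without -Restore to review the list, then with -Restore once every reported pair looks like a document/decoy match.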

That's all for now, and don't hesitate to ask if you have any problems.

Sunday, November 29, 2009

Conficker Eye Chart

Quite lame, but still practical maybe.. huhu..

"Joe Stewart from SecureWorks has put together an effective "eye chart" that sources its graphics from sites that Conficker would block. If you can't see one or more of the images, you're either infected, or image loading in your browser has been disabled.

Firefox users can check if image loading has been disabled under Tools/Options and the Content tab. Load Images Automatically should be checked. Internet Explorer users will find it under Tools/Internet Options, then the Advanced tab. Scroll down to Multimedia, and Show Pictures should be checked.

It's a test based on the fact that Conficker blocks legitimate security Web sites. The logos are sourced remotely, so if they can't load, the sites are also likely to be blocked. If you're seeing blocked images, you should check out the CNET guide to removing Conficker--just because the botnet hasn't done much that's demonstrably malicious yet doesn't mean it can't or won't in the future."


original post: http://www.nsaneforums.com/?showtopic=18612

Eye Chart: http://www.confickerworkinggroup.org/infection_test/cfeyechart.html